url blocking depending on client IP
-
Hi,
As squid looks to be deprecated in future packages is there any suitable replacement?
In short, im looking for the ability to filter requests one method is to block social media and enforce safesearch while the other method does not, I'm using pfsense and squid to achieve this, is there a better method?
what are your thoughts? any ideas?
-
@Mr_JinX
For my home, ive been using nxfilter. I don't understand why this isn't talked about more especially in the SOHO or Homelab space.
Get a linux box. Load up nxfilter. Now you can do domain blocking based on categories and be specific to client-IP.
This task shouldn't be done by the firewall anyway. -
It looks really good, my only concern is it's bassed in Korea, and remember if it's free you are the product.
-
@Mr_JinX pfBlocker in Python mode has an imho oddly named Python Group Policy section to exclude IPs from DNSBL.
Another idea might be to do something like port forward port 53 to a “family” DNS service based on IP.
-
@Mr_JinX I agree with the possible security problems but i haven't found much negative information on it. Also they won me over because the dev worked on a few of my issues that were not working. So NXFilter has a built in net-flow collector. It wasn't working as i thought and they worked with me on fixing it.
Its in the back of my mind of course that this app hasn't been vetted by anyone(as far as i know) but...so far....works as advertised.
It has an updated categorization system, builtin netflow collector, and reporting (which isn't great). Fills the home requirement.The issue i have with the suggestion of external DNS services is that you cant track who is visiting what site as all source IP information will come from your WAN.